Reverse Engineer Flutter Technique #2913
Conversation
Hi, My name is Sabina, and I am part of the research team at Datafarm. We have recently developed a tool called Blutter, designed to reverse engineer Flutter mobile applications. We believe this tool could be highly beneficial to the cybersecurity community and are excited about the possibility of sharing it through OWASP's page. To facilitate this, I would like to propose adding a technique document about our tool to your GitHub repository. This document would include:

- A detailed description of Blutter
- Its key features and use cases

If there is any additional information or clarification we can provide about Blutter, or if there are any specific features or improvements you believe would enhance its functionality for your community or organization, please feel free to contact us.
Thanks @Datafarm-Research for your contribution. Please review this other PR and make sure anything that's just about the tool itself goes there, or add it after the PR is merged. This may include the description, links to installation details, benefits of using the tool over other alternatives, etc. After that, please remove such information from the technique file. Background: We have MASTG-TOOL (tools) and MASTG-TECH (techniques). To add a technique, please follow the same style as the other technique markdown files and include the metadata as yaml. Also, please fix any markdown errors and update the filename to MASTG-TECH-0112, which is the next one available. Thank you very much!

Hi @cpholguera thanks so much for your support. I've made the changes to the markdown file as you suggested. When you have a moment, could you provide some guidance on how to properly include metadata using YAML syntax?
Absolutely, here's an example: https://github.com/OWASP/owasp-mastg/blob/master/techniques/android/MASTG-TECH-0001.md?plain=1

```yaml
---
title: Accessing the Device Shell
platform: android
---
```
There are significant challenges in reverse engineering Dart AOT snapshots due to several factors. The generated assembly code uses distinctive features, including specific registers, calling conventions, and integer encoding, making analysis more complex. In addition, information about each class in the snapshot must be read sequentially, preventing random access and requiring engineers to sift through potentially irrelevant classes to locate the one of interest. Moreover, the format lacks documentation and has evolved considerably over time, further complicating the reverse engineering process. These unique characteristics of the Flutter framework make reverse engineering Flutter applications particularly difficult.

One tool that can efficiently reverse engineer Flutter applications is [Blutter](https://github.com/worawit/blutter), which can be downloaded directly from GitHub.
Consider (don't copy-paste please):
There are currently only a few tools available for reverse engineering Flutter applications. Reading Dart snapshots, which are used to store all Dart objects, is a common problem because the format changes with each update. Updating the snapshot reader for each new release of the Flutter framework is a tedious task. Currently, “Reflutter” is the only tool that can get around this problem by patching and recompiling the flutter engine. However, recompiling an engine without a ready-made one takes time. To dump the metadata from snapshot, a Flutter application must be run.
By using the Dart runtime source code directly, we can reduce the compiling time of the Dart runtime by just choosing the necessary source files. Additionally, the Dart runtime can be used to extract metadata from a snapshot without launching a Flutter application.
```
// 0x59620c: mov x1, x0
// 0x596210: stur x1, [fp, #-0x10]
// 0x596214: r0 = Await()
```
Add an explanation of this
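To make the "integer encoding" point from the technique text concrete, here is a Python example added for this review; it is not part of the technique file, of Blutter, or of the MASTG. It parses Blutter-style `// <address>: <instruction>` comment lines like the ones quoted above, lists the `r0 = Callee()` pseudo-calls Blutter emits, and decodes immediate operands of `mov`/`cmp` using the Dart VM's small-integer (Smi) tagging: a Smi is stored as `value << 1` with the low bit clear, while a heap-object pointer has the low bit set. The function names are my own, the call-line shape is inferred from the quoted snippet, and every sample line beyond the three quoted ones is constructed for the example.

```python
import re
from typing import List, Optional, Tuple

# Dart VM small-integer (Smi) tagging as seen in AOT code: a Smi is stored as
# value << 1 with the low bit clear, while a pointer to a heap object has the
# low bit set. Names mirror the VM's kSmiTagShift / kSmiTag constants.
SMI_TAG_SHIFT = 1
SMI_TAG_MASK = 1
SMI_TAG = 0


def decode_smi(raw: int, word_bits: int = 64) -> Optional[int]:
    """Decode a tagged machine word of `word_bits` bits.

    Returns the Dart integer if the word is a Smi, or None if the low bit is
    set (a heap-object pointer, which has to be resolved through the object
    pool or the heap instead). Use word_bits=32 for a compressed 32-bit word.
    """
    raw &= (1 << word_bits) - 1            # normalise negative immediates
    if raw & SMI_TAG_MASK != SMI_TAG:
        return None
    value = raw >> SMI_TAG_SHIFT           # drop the tag bit
    if value & (1 << (word_bits - 2)):     # sign-extend the (word_bits-1)-bit payload
        value -= 1 << (word_bits - 1)
    return value


# One Blutter comment line: "// <address>: <instruction or pseudo-call>"
ASM_LINE = re.compile(r"^\s*//\s*(0x[0-9a-fA-F]+):\s*(.+?)\s*$")
# Immediate operands as Capstone-style disassembly prints them: #0x14, #-2, #10
IMM = re.compile(r"#(-?0x[0-9a-fA-F]+|-?\d+)")
# Call lines rendered as "r0 = Callee()" (shape assumed from the quoted snippet)
CALL = re.compile(r"^r0 = ([\w.<>]+)\((.*)\)$")
# Mnemonics whose immediates are tagged Dart values rather than memory offsets
TAGGED_IMM_MNEMONICS = {"mov", "cmp"}


def parse_asm_line(line: str) -> Optional[Tuple[int, str]]:
    """Split a Blutter comment line into (address, instruction text)."""
    m = ASM_LINE.match(line)
    if m is None:
        return None
    return int(m.group(1), 16), m.group(2)


def find_calls(lines: List[str]) -> List[Tuple[int, str]]:
    """Addresses and callee names of every 'r0 = X()' pseudo-call."""
    calls = []
    for line in lines:
        parsed = parse_asm_line(line)
        if parsed is None:
            continue
        addr, insn = parsed
        m = CALL.match(insn)
        if m:
            calls.append((addr, m.group(1)))
    return calls


def annotate(lines: List[str]) -> List[str]:
    """Append '; smi N' (or a heap-pointer note) to mov/cmp immediates."""
    out = []
    for line in lines:
        parsed = parse_asm_line(line)
        if parsed is None:
            out.append(line)
            continue
        addr, insn = parsed
        mnemonic = insn.split(None, 1)[0].lower()
        notes = []
        if mnemonic in TAGGED_IMM_MNEMONICS:
            for imm in IMM.findall(insn):
                smi = decode_smi(int(imm, 0))
                notes.append(f"smi {smi}" if smi is not None else "tagged heap pointer")
        out.append(f"// {addr:#x}: {insn}  ; {', '.join(notes)}" if notes else line)
    return out


# Constructed sample in Blutter's comment style. The first three lines are the
# ones quoted in the technique file; the remaining lines are made up here.
SAMPLE = """\
// 0x59620c: mov x1, x0
// 0x596210: stur x1, [fp, #-0x10]
// 0x596214: r0 = Await()
// 0x596218: mov x0, #0x14
// 0x59621c: cmp x0, #0x1e
// 0x596220: mov x2, #-2
"""

if __name__ == "__main__":
    for text in annotate(SAMPLE.splitlines()):
        print(text)
    print(find_calls(SAMPLE.splitlines()))
```

The `#0x14` moved into `x0` is the Dart integer 10 and the `#0x1e` it is compared against is 15, which is why raw immediates in Flutter disassembly look doubled; `stur`'s `#-0x10` is a frame offset and is deliberately left alone. Pointer-tagged immediates cannot be decoded this way and have to be followed into the object pool or snapshot, which is exactly the sequential-cluster problem the text describes and the part Blutter automates.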
Co-authored-by: Carlos Holguera <[email protected]>